Home
  •  

SCMccef1ba221d4440fb1605e9ca70c4573

Monitor_SCMccef1ba221d4440fb1605e9ca70c4573 (UnitMonitor)

This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.

Knowledge Base article:

External

http://go.microsoft.com/fwlink/?LinkId=243138

Element properties:

TargetMicrosoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security
Parent MonitorSystem.Health.ConfigurationState
CategoryAlert
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.KnowledgeServices.Library.PowerShellMonitorEx
RemotableTrue
AccessibilityPublic
Alert Message
User Account Control: Switch to the secure desktop when prompting for elevation
<Details>
<Content>This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users. Disabled: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.

Consideration:
Elevation prompt dialog boxes can be spoofed, causing users to disclose their passwords to malicious software.

Impact:
None. This is the default configuration.

Recommendation:
Enable the User Account Control: Switch to the secure desktop when prompting for elevation setting. The secure desktop helps protect against input and out spoofing by presenting the credentials dialog box in a protected section of memory which only is accessible by trusted system processes.

Group Policy Path:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation</Content>
<CollectedInformation>
<Info>
<Name>Recommended Value</Name>
<Value>Enabled</Value>
</Info>
<Info>
<Name>Actual Value</Name>
<Value>{0}</Value>
</Info>
</CollectedInformation>
</Details>
RunAsDefault
CommentSupportTopic=TBD;VersionNumber=1.0.0.1;

Source Code:

<UnitMonitor ID="Monitor_SCMccef1ba221d4440fb1605e9ca70c4573" Comment="SupportTopic=TBD;VersionNumber=1.0.0.1;" Accessibility="Public" Enabled="true" Target="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="KnowledgeServicesLibrary!Microsoft.KnowledgeServices.Library.PowerShellMonitorEx" ConfirmDelivery="true">

  <Category>Alert</Category>

  <AlertSettings AlertMessage="MonitorMessageccef1ba221d4440fb1605e9ca70c4573">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/Property[@Name='ActualValue']$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <ScriptName>SCMccef1ba221d4440fb1605e9ca70c4573.ps1</ScriptName>

    <Parameters>

      <Parameter>

        <Name>ActualValue</Name>

        <Value>$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation$</Value>

      </Parameter>

    </Parameters>

    <ScriptBody><Script>





param($ActualValue)



$ErrorActionPreference = "Stop"



# Set up the arguments

$scriptargs = new-object psobject

$scriptargs | add-member NoteProperty "ActualValue" $ActualValue



# Set up the output

$global:scriptoutput = new-object psobject

$scriptoutput | add-member NoteProperty "ActualValue" ""

$unit = $null

$valueToFriendlyName = $null

$valueToFriendlyName += @{"" = "[Setting Not Present]"}

$valueToFriendlyName += @{"0" = "Disabled"}

$valueToFriendlyName += @{"1" = "Enabled"}



function AdvisorRule($scriptargs, $scriptoutput)

{

	$ActualValue = $scriptargs.ActualValue



	if ($unit -ne $null)

	{

		$scriptoutput.ActualValue = $ActualValue + $unit

	}

	else

	{

		$scriptoutput.ActualValue = $valueToFriendlyName.$ActualValue

	}

}



AdvisorRule $scriptargs $scriptoutput



# set the output

$mom = new-object -comobject "MOM.ScriptAPI"

$bag = $mom.CreatePropertyBag()



if ($scriptoutput.ActualValue -ne $null)

{

	$bag.AddValue("ActualValue", $scriptoutput.ActualValue)

}



$bag



</Script></ScriptBody>

    <SnapIns/>

    <TimeoutSeconds>300</TimeoutSeconds>

    <Schedule>14403</Schedule>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <Value Type="Integer">$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation$</Value>

        </ValueExpression>

        <Operator>NotEqual</Operator>

        <ValueExpression>

          <Value Type="Integer">1</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <Not>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <Value Type="Integer">$Target/Property[Type="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security"]/UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation$</Value>

            </ValueExpression>

            <Operator>NotEqual</Operator>

            <ValueExpression>

              <Value Type="Integer">1</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </Not>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>